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{57} Where simply the giving of a 
number Is to be used as a payment 
problems arise as to bow the number 
can be generated securely and how ft 
can be verified A secret fey heJd in a 
store 16 of a customers token 1 0 is used 
to encrypt a number specifying goods 
and a payment to be made transmitted 
from a shopkeepers terminal 14. The 
number generated is decrypted for 
checking by the terminal 14 using a 
non-secret key supplied by a store 20 of 
the token 10 but the non-secret key 
together wrth coded numbers does not 
provided enough information for the 
secret key to be found and hence for 
fraudulent coding to be carried out 
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SPECIFICATION 

Apparatus and methods for making payments elec- 
tronically 

5 

The present invention relates to devices such as 
cards ortokens containing "active" electronic cir- 
cuits, and methods of using such devices for carry- 
ing out transactions, for example payments. Usually 

10 the transactions are carried out "off line" 

In the most commonly used method of making 
payment by passive crecfit card, a shopkeeper, for 
example, tills in a sfip using details from the credit 
card and the customer signs the slip. Where the 

1 5 amount is greater than a certain limit, the shop- 
keeper telephones the credit card company and 
obtains a number to write on the slip provided the 
customer has sufficient credit to cover the purchase. 
The slips are made out by shopkeepers are then pas- 

20 sed to credit card companies who arrange for pay- 
men! to the shopkeepers- Although this process 
works well, it is expensive and time consuming in 
writing out slips, and inthe transmission and clear- 
ing of slips. 

2S In another less well known credit card system 
which may be active or passive the customer pre- 
pays for some service such as a train fare and the 
amount he pays is recorded on the card. Each time 
the card is used an amount for example correspond- 

30 ing to the fare, is deducted from the total on the card 
and the card has to be either discarded or reloaded 
when the prepaid amount has been used, Although 
this system is suitable for such payments as travel 
by railway and telephone usage, where a customer 

35 deals mainly with one organisation which can issue 
cards to be used only on its system, it is of little use 
where a card is required which can be used with a 
large number of relatively small organisations. 
Although in theory the system could be operated by 

40 transferring an amount from the customers card to 
an electronic or mag netic record kept by the shop- 
keeper, such a system would be very susceptible to 
fraud, 

In another proposed arrangement which is quite 

45 similarto that previously described, the shopkeeper 
has an electronic cash register (ECR) which is con- 
nected "on line" to a number of banks and when the 
credit card is used, it is inserted into the ECFi and an 
on line computer checks the card holder's current 

50 balance and debits it according to an amount 
entered at the ECFL At the same time the shop- 
keeper's account Is increased by that amount 
Clearly this is a complex and expensive system 
which is susceptible to electronic faults. 

SB According to a first aspect of the present invention 
there is provided a method of carrying out a transac- 
tion comprising automatically coding information 
relating to the transaction using a system of the type 
hereinafter specified, decoding the coded message 

60 in order to determine what information has been 
coded, and using the coded message to enable an 
action to be carried out and/or storing the coded 
message as evidence of the transaction. 
In this specification a coding system of the type 

65 specified is a system in which a coded message can 



be decoded without such knowledge of the coding 
process which was used to produce the coded mes- 
sage, as would allow information to be coded 
according to the process. 

70 Such a system can be based on the United States 
Public Key Crypto System {PRCS}, This system is 
discussed in more detail later 

Transactions which may be carried out using the 
first aspect of the Invention include many record ng 

75 anoVor authorization processes, for example author- 
ization for, and recording of, the removal of goods, 
the coded message being kept by the person parting 
with the goods as evidence of authorization, Of 
course, transactions according to the first aspect of 

80 the invention Include payments when the coded 
message is evidence of the payment and may, in 
effect be regarded as the payment 

According to a second aspect of the present inven- 
tion there is provided a portable token comprising 

85 means for receiving signals representing informa- 
tion concerning a transaction, means for encoding 
the signals received according to a coding system of 
the type hereinbefore specified, and means for pro- 
viding an indication of the encoded signals. 

90 Preferably the token is capable of being easily car- 
ried In one hand. 

According to a third aspect of the present invert* 
tion there is provided a terminal comprising means 
for supplying first electrical signals representative of 

95 information concerning a transaction to coding 
apparatus, means for receiving second encoded 
electrical signals representative of the first signals 
from coding apparatus, and means for decoding the 
second signals according to a coding system of the 

100 type hereinbefore specified 

The terminal may also include means for indicat- 
ing fee decoded contents of the second signals 
and/or means for checking the decoded signals 
against the first signals* 

105 The terminal may also include storage means for 
storing a plurality of second signals in a form which 
can be transmitted to a clearing organisation, such 
as a bank. The storage means may be magnetic tape, 
for example in a cassette, a "floppy disc"* a non- 

1 10 volatile electrical memory, or even a volatile electri- 
cal memory where the second signals can be trans- 
mitted, for example by means of a telephone line, at 
certain times of day. 
A main advantage of the present invention can 

1 1 5 now be appreciated since when the method of the 
first aspect of the Invention is used usi ng a token 
according to the second aspect of the invention in 
conjunction with a terminal of the third aspect of the 
invention, a shopkeeper, for example, receives a 

1 20 number from a customer and tills number may for 
instance represent the date, time and amount of a 
payment and in addition account numbers of both 
the customer and the shopkeeper. Since the number 
received by the shopkeeper is encoded according to 

125 a secret process he cannot encode further fraudulent 
numbers. On the other hand he can checkthatthe 
number he is given represents the correct amount 
recipient, date and time by decoding th e number. 
Therefore the number given to the shopkeeper is a 

130 bankable commodity. 
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The token is usually formed by integrated cf r cuits 
including programmable read only memory {PROM) 
which contains the encoding key, in a form which 
cannot be accessed, and an algorithm for encoding 
5 incoming signals, the encoding process is carried 
out in other circuits, which may include a microp- 
rocessor. 

The terminal also includes a small computer such 
as a microprocessor which is able to respond to a 

1 0 decoding key which may be either supplied by the 
token or by a separate credit card which could emp- 
loy either active or passive storage (such as a 
magnetic strip]. There is no particular need for the 
decoding key to be kept secret since as is pointed out 

1 5 above, messages cannot be encoded using this key. 
The terminal Is expected to form part of an electri- 
cal cash register. 

Tokens according to the second aspect of the 
invention or for use with terminate according to the 

20 third aspect of the invention may take many forma, 
for example they may be card shaped or key shaped, 
Tokens may be battery operated or supplied by way 
of plug-in contacts from a terminal or by way of 
impedance coupling to a terminal 

25 The PKCS and its application to this invention will 
now be discussed. The PKCS is described in "New 
Directions in Cryptography" by Diffle and Hellman, 

Trans. Inform. Theory 11, 22 {November 
1876)* also in "A Method for Obtaining Digital Signa^ 

30 turesandFubllc-KeyCryptcH^ems" # byRivest 
Shamir and Adlerman, Comm. Assoc Comp, Mach. 
Vol 21, No. 2 (February 1978). 

There are two kinds of PKCS available but only 
that known asthe RSA algorithm is thought at pres- 

35 ent, to be suitable for the present Invention. The RSA 
is a numbertheoretic system which makes public 
two numbers R and S. if the message is M then the 
encrypted message C is given by: 
C-MMmodK| 

40 The recipient knows a decryption key which is 
another number T which has the property that M = 
C (mod R) and therefore he can decode C to obtain 
M. rf R Ts the product of two large primes P and 0, 
then calculation of T, given S and R, is only possible 

45 if R can be factorised into PXQ. This is known to be 
very difficultfor large numbers (especially if, P <■» 2P 9 
+ 1 where P js also prime)* An advantage of the RSA 
algorithm is its symmetry. It does not matter 
whether S orT is used for "encryption" or "decryp- 

50 tion". 

A simple example of the system is now given 
using the "secret" numbers P = 5, Q - 11 and T ~ 7, 
the "public" numbers R - 55 and S = 3, Suppose the 
message is the number 1 9 (in practice for payments 
55 the number has about 50 decimal digits (as is dis- 
cussed below) and is in binary form) then 
C = 13* (mod 55} 
= 6859-155x120) =39 
(56 x 120 being the nearest multiple of 55 which is 
60 less than 6859). Thus the coded message is 39. On 
decoding, 

M - 3SP (mod 55) 
which can be found by first calculating 34* (mod 55) 
and 3ff |mod 55) which equal 31 and 29 respectively 
65 and then finding 31x29 (mod 55). 



That is 34 x 29 [mod 55) « 899-830 = 19. 

An embodiment of the invention will now be 
described, byway of example, with reference to the 
accompanying drawing which is a block diagram of 
70 a customer's token and a shopkeeper's terminal 
according to the invention. 

In the Rgure a token 10, which may be in the form 
of a slim card, contains a number of integrated cir- 
cuits and is connected by way of plug-in contacts 1 1, 
75 1 2 and 13 to a terminal 14 which is part of an ECR 
only some parts of which relevant to the present 
invention are described here. The card 1 0 receives 
power by means of piug-in connections from the 
ECR but these power circuits are not shown in the 
80 Figure- The card is also synchronised to the terminal 
by means of connections and circuits which are not 
shown, 

When a customer makes a purchase the shop- 
keeper enters details of the transaction into hfs ECR 
85 by means of a keyboard 1 5. These details, which 
include the amount of the transaction and the date 
and time of the transaction, are passed to a display 
25 of the terminal. 
If the customer agrees with the figures displayed, 
90 he inserts his card 10 into the terminal 14, initiating 
the operations now described. 

The Information entered on the keyboard 1 5 is 
held in a register 1 7 together with a number Iden- 
tifying the shop* This information is transferred to a 
95 register 18 in the token 10 which also receives a 
number from a store 1 6 Identifying the customer, for 
example the number of his bank plus his account 
number, Thus the store 18 now hoids all details of 
the transaction and these are passed to a PKCS 

100 encryption circuit IS which also receives the encryp- 
tion key from the store 16. 

The encrypted message is then passed to a regis- 
ter 21 and thence to a register 22 in the terminal 14, 
The contents of the register 22 are applied to a PKCS 

105 decryption circurt 23 which receives the decryption 
key from a store 20 in the token 1 0. Circuits IS and 23 
may be in the form of microprocessor integrated cir- 
cuits programmed according to the above men- 
tioned paper by Rivest, Shamir and Adlerman, The 

110 decoded message thus arrives in a register 24 where 
it is used to drive the display 2& Since this display is 
available to both customer and shopkeeper, both 
can check that the number supplied from the register 
21 to the register 22 contains correct information 

1 1 5 concerning the transaction, The display 25 may 
include a small printer which provides a permanent 
record for the customer and also, if required, for the 
shopkeeper. 
The display may also include a character which 

1 20 indicates whether the message as sent from the ECR 
to the token 1 0 is the same (except forthe cus- 
tomer's number which was added in the register 18) 
as that obtained after decryption in the reg ister 24 t 
For this purpose a comparator 26 is provided and if 

125 the comparison is correct an enabling signal is 
applied to a gate 27, However a further enabling 
signal from the keyboard 15 is required which is 
suppli ed when the shopkeeper is satisfied that the 
details displayed are correct. The gate 27 then opens 

1 30 and the coded num bar held by the register 22 is pas- 
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sed to an electrical store 28. 

After a number of such transactions the store 28 
contains encoded numbers which represent pay- 
ments, These numbers may be, as mentioned above* 
5 held on mag netic tape so th at they can be taken to a 
bank at the end of the day or at the end of a week, 
Other ways of storing and transmitting the numbers 
have already been mentioned. 
!n a typical token and terminal system the mes- 
1 0 sage which is coded and then stored in the store 28 
may be made up as follows : — 

Amount (£or $} 5 decimal digits 

Date , « ..... 6 decimal digits 

Tims „, 4 decimal digits 

15 Customer's Bank , 8 decimal digits 

Account number 8 decimal digits 

Shop „ ^ 12 decimal digits 

This gives a total of 43 decimal digits and by provid- 
ing 50 such digits a few spare digits are available for 
20 further information 

The stores 1 6 and 20 may conveniently be PROMs 
but steps must be taken to ensure that the encoding 
key from the store 1 6 cannot be accessed from out- 
side the token 10 without destroying the token. For 
25 soma types of transaction it may be considered pref™ 
erabie to employ a second token or credit card 
instead of the store 20, which may be kept in a differ- 
ent pface from the token 1 0 to give details of the 
decryption key forme circuit 23 in the terminal. 
30 Details relating to the owner of the token 10 may also 
be held on this second card instead of in the store 1 6. 
Such a card may simply include a magnetic strip 
with these details and printing giving the owner's 
name, address and, for example, bank. 
35 Many of the circuits shown In the token 1 0 and the 
terminal 14 may be replaced by respective microp- 
rocessors. 

It will be apparent that the invention may be put 
into effect in many other ways that specifically 
40 described above. In particular other encryption sys- 
tems may prove suitable and other layouts of both 
token and terminal are possible using similar or dif- 
ferent integrated circuits. 
CUM MS 

4S 1 A method of carrying out a transaction, com* 
prising automatically coding information relating to 
the transaction using a system of the type hereinbe- 
fore specified, decoding the coded message in order 
to determine what information has been coded, and 

B0 using the coded message to enable an action to be 
carded out and/or storing the coded message as evi- 
dence of the transaction. 

2. A portable token comprising means for receiv- 
ing signals representing information concerning a 

55 transaction, means for encodi ng the signals received 
according to a coding system of the type hereinbe- 
fore specified, and means for providing an indication 
of the encoded signals, 

3. A token according to Claim 2 which Is capable 
60 of being easily carried in one hand* 

4. Atoken according to Claim 2 or 3 including 
first and second storage means containing an encod- 
ing key and a decoding key, respectively, the first 
storage means being coupled to the means for 

65 encoding, and the second storage means having 



coupling means for pass frig the decoding key to a 
terminal which is to be used in conjunction with the 
token. 

5. Aterminal comprising means for supplying 
70 first electrical signals representative of information 

concerning a transaction to coding apparatus, 
means for receiving second encoded electrical sign- 
als representative of the first signals from coding 
apparatus, and means for decoding the second sign- 
75 a Is according to a coding system of the type 
hereinbefore specified. 

6. Aterminal according to Claim 5 including 
means for indicating the decoded contents of the 
second signals and/or means for checking the 

80 decoded second signals against the first signals. 

7. Aterminal according to Claim 5 or 6 including 
storage means for storing a plurality of the second 
signals in a form which allows the stored signals to 
be transmitted later, when required, 

85 8. A method, token or terminal according to any 
preceding claim wherein coding and decoding are 
according to the BSA algorithm of the United 
States Public Key Crypto System. 

9. A method of carrying out a transaction as 
SO hereinbefore described. 

1 0. A portable token as hereinbefore described 
with reference to and as shown in the accompanying 
drawing, 

11 Aterminal as hereinbefore described with 
95 reference to and as shown In the accompanying 
drawing. 
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